iOS 14.5 privacy policy and Bloomreach Engagement iOS SDK

Bloomreach Engagement's view and recommendations on and in regard to the privacy regulations coming with iOS 14.5

We welcome Apple’s push for more customer privacy as it’s something we’ve also been working towards for years. Our platform offers numerous features that enable our clients to learn and respect customer preferences and privacy.

With the introduction of iOS 14.5, application developers are now obliged to be transparent about data collection and to request customer’s consent prior to the tracking (as defined by Apple). Depending on your implementation, this might also apply to the Bloomreach Engagement SDK.


How did iOS 15 impact emailing?

Check out free videos from Bloomreach Academy Mini Masterclass and learn what the implications of the iOS 15 are to email privacy. Find there also Desigual's impressive approach to the update!

Bloomreach Engagement isn’t “tracking”

Here’s the definition of tracking Apple uses on their website regarding User Privacy and Data Use for App Store:


Apple's definition of "tracking"

“Tracking refers to the act of linking user or device data collected from your app with user or device data collected from other companies’ apps, websites, or offline properties for targeted advertising or advertising measurement purposes. Tracking also refers to sharing user or device data with data brokers."

Sharing customer data with third-parties is not something Bloomreach Engagement SDK does automatically. Nor does our SDK automatically capture AdvertisingID of our client’s customers using their app.

This means Bloomreach Engagement SDK doesn’t “track” as defined by Apple.

Impact on use cases


Of the examples Apple gives, the most applicable to how some of our clients might be using Bloomreach Engagement is this:

“Sharing a list of emails, advertising IDs, or other IDs with a third-party advertising network that uses that information to retarget those users in other developers’ apps or to find similar users.”

If you have a use case, that uses in-app customer behaviour to target, re-target, or build lookalike audiences, you should only use data of customers who have given the ATT consent.

For example using customers who are active in the app (measured by events collected in-app) as a seed audience for your ad network lookalike audiences would require ATT consent.

In other contexts and use cases Bloomreach Engagement isn't subject to any changes that came with iOS 14.5. That includes analytics of in-app customer behaviour (not considered tracking by Apple), and marketing messages orchestrated in the Bloomreach Engagement platform such as emails, SMS, or push notifications.

First-party vs. third-party

Bloomreach Engagement is a first-party data tool. This means Bloomreach Engagement helps clients collect data directly from end customers that have a relationship with their products and services. Including their behavioural data such as product views, purchases, or data stored in clients other systems including ERP, or CRM.


As a first-party tool, Bloomreach Engagement isn’t a data broker as defined by Apple:

“In general, a data broker is a company that regularly collects and sells, licenses, or otherwise discloses to third parties the personal information of particular end-users with whom the business does not have a direct relationship.”

Gaining Consent

Since particular use cases might be subject to consent, we advise our clients to ask for consent and record it using our consent management. This will make it easy to then check for that consent in any advertising use cases that might require it.

That being said, we’ll re-iterate again that the core functionality of Bloomreach Engagement SDK isn’t considered tracking based on Apple’s definition.

The final decision on how to implement Bloomreach Engagement SDK with ATT consent depends on multiple factors listed above that should be considered by the clients and their legal team.

Privacy Policy

Aside from requesting consent, clients are obliged to transparently inform users about the data categories collected and their purpose. Usage of Bloomreach Engagement iOS SDK should be explicitly mentioned in the privacy policy of the iOS app.

Contact us if uncertain

The privacy changes Apple is implementing are a fast developing topic. While they do give prior warning, the impact on our client’s use cases is often unclear. We’re closely monitoring their updates and will add additional information if it comes out in the future.

If you have doubts about the specific impacts on your use cases and app tracking, contact your CSM who will provide you with the necessary information and guidance.